• jagged_circle@feddit.nl
    6 days ago

    Yes, X.509 is broken. If you’re a developer and not pinning certs, you’re doing it wrong.

      • jagged_circle@feddit.nl
        6 days ago

        What part are you confused about, and are you a developer?

        Edit: why was I downvoted for asking this?

    • oldfart@lemm.ee
      6 days ago

      Yeah, now imagine pinning certs that change weekly.

      My first thought is that old-school secure software (like claws-mail) treats a cert change as a minor security incident, asking you to confirm every time. Completely different school of thought.